Bug#471380: Debian patch available for viewvc 1.0.5

Tue, 25 Mar 2008 21:48:31 -0700 

Dear David et. al,

I am affected by bug #471380 regarding the viewvc package.  I have
therefore created a patch that will help you update the debian
subdirectory for this package.  I am successfully using this patch
on my machine at www.zap.org.au.

The patch updates the quilt files in debian/patches (and drops the
04_forbidden_files as it does not seem to be needed now).  It also
installs the (new) docs subdirectory into /usr/share/doc/viewvc and
the (new) templates-contrib subdirectory into
/usr/share/doc/viewvc/examples.

Please apply this patch (or your own variant) as quickly as
possible; alternatively, could someone with Debian developer
privileges do an appropriate NMU?

Yours truly,

John Zaitseff

-- 
John Zaitseff                    ,--_|\    The ZAP Group
Phone:  +61 2 9643 7737         /      \   Sydney, Australia
E-mail: [EMAIL PROTECTED]   \_,--._*   http://www.zap.org.au/
                                      v

diff -ruN viewvc/upstream/1.0.3-2.1/debian/changelog viewvc/tags/1.0.5-0.1zg1/debian/changelog
--- viewvc/upstream/1.0.3-2.1/debian/changelog	2008-01-24 14:16:10.000000000 +1100
+++ viewvc/tags/1.0.5-0.1zg1/debian/changelog	2008-03-26 15:11:56.000000000 +1100
@@ -1,3 +1,31 @@
+viewvc (1.0.5-0.1zg1) unstable; urgency=medium
+
+  * New upstream release, packaged for the ZAP Group package repository
+    (Closes: #471380).  This solves CVE-2008-1290, CVE-2008-1291 and
+    CVE-2008-1292.
+  * Updated the following files in the debian/patches subdirectory:
+      series
+      02_py2html_activation
+      101_viewvc-install_Debian_paths
+      102_viewvc.conf_Debian_customization
+  * Updated debian/rules to install documentation in the docs directory
+    and example templates in templates-contrib.
+
+ -- John Zaitseff <[EMAIL PROTECTED]>  Wed, 26 Mar 2008 15:10:10 +1100
+
+viewvc (1.0.4-0.1zg1) unstable; urgency=low
+
+  * New upstream release, packaged for the ZAP Group package repository.
+  * Updated patches/101_viewvc-install_Debian_paths for this release.
+
+ -- John Zaitseff <[EMAIL PROTECTED]>  Wed, 30 Jan 2008 09:23:10 +1100
+
+viewvc (1.0.3-2.1zg1) unstable; urgency=low
+
+  * Imported the upstream package into the ZAP Group package repository.
+
+ -- John Zaitseff <[EMAIL PROTECTED]>  Thu, 24 Jan 2008 14:39:57 +1100
+
 viewvc (1.0.3-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -ruN viewvc/upstream/1.0.3-2.1/debian/patches/02_py2html_activation viewvc/tags/1.0.5-0.1zg1/debian/patches/02_py2html_activation
--- viewvc/upstream/1.0.3-2.1/debian/patches/02_py2html_activation	2008-01-24 14:16:10.000000000 +1100
+++ viewvc/tags/1.0.5-0.1zg1/debian/patches/02_py2html_activation	2008-03-26 14:52:14.000000000 +1100
@@ -6,7 +6,7 @@
 ===================================================================
 --- lib/viewvc.py.orig	2006-03-18 03:07:36.642984000 +0100
 +++ lib/viewvc.py	2006-03-18 16:11:32.945884353 +0100
-@@ -1310,7 +1310,7 @@
+@@ -1343,7 +1343,7 @@
    return MarkupPHP(cfg.options.php_exe_path, fp)
  
  markup_streamers = {
diff -ruN viewvc/upstream/1.0.3-2.1/debian/patches/101_viewvc-install_Debian_paths viewvc/tags/1.0.5-0.1zg1/debian/patches/101_viewvc-install_Debian_paths
--- viewvc/upstream/1.0.3-2.1/debian/patches/101_viewvc-install_Debian_paths	2008-01-24 14:16:10.000000000 +1100
+++ viewvc/tags/1.0.5-0.1zg1/debian/patches/101_viewvc-install_Debian_paths	2008-03-26 14:52:14.000000000 +1100
@@ -1,24 +1,24 @@
 Index: viewvc-install
 ===================================================================
---- viewvc-install.orig	2006-03-22 01:42:02.038375982 +0100
-+++ viewvc-install	2006-03-22 01:42:11.060273474 +0100
-@@ -122,16 +122,15 @@
- 
- def SetOnePath(contents, var, value):
+--- viewvc-install.orig	2008-01-29 17:39:15.000000000 +1100
++++ viewvc-install	2008-01-29 17:46:51.000000000 +1100
+@@ -119,7 +119,7 @@
+     """Replace instances of the variable VAR as found in file CONTENTS
+     with VALUE."""
      pattern = re.compile('^' + var + r'\s*=\s*.*$', re.MULTILINE)
 -    repl = '%s = r"%s"' % (var, os.path.join(ROOT_DIR, value))
 +    repl = '%s = r"%s"' % (var, value)
-     return re.sub(pattern, ReEscape(repl), contents)
+     return re.sub(pattern, _escape(repl), contents)
+ 
  
--
- def SetPythonPaths(contents):
+@@ -128,8 +128,8 @@
      if contents[:2] == '#!':
          shbang = '#!' + sys.executable
-         contents = re.sub('^#![^\n]*', ReEscape(shbang), contents)
--    contents = SetOnePath(contents, 'LIBRARY_DIR', 'lib')
--    contents = SetOnePath(contents, 'CONF_PATHNAME', 'viewvc.conf')
-+    contents = SetOnePath(contents, 'LIBRARY_DIR', '/usr/lib/viewvc')
-+    contents = SetOnePath(contents, 'CONF_PATHNAME', '/etc/viewvc/viewvc.conf')
+         contents = re.sub('^#![^\n]*', _escape(shbang), contents)
+-    contents = replace_var(contents, 'LIBRARY_DIR', 'lib')
+-    contents = replace_var(contents, 'CONF_PATHNAME', 'viewvc.conf')
++    contents = replace_var(contents, 'LIBRARY_DIR', '/usr/lib/viewvc')
++    contents = replace_var(contents, 'CONF_PATHNAME', '/etc/viewvc/viewvc.conf')
      return contents
  
  
diff -ruN viewvc/upstream/1.0.3-2.1/debian/patches/102_viewvc.conf_Debian_customization viewvc/tags/1.0.5-0.1zg1/debian/patches/102_viewvc.conf_Debian_customization
--- viewvc/upstream/1.0.3-2.1/debian/patches/102_viewvc.conf_Debian_customization	2008-01-24 14:16:10.000000000 +1100
+++ viewvc/tags/1.0.5-0.1zg1/debian/patches/102_viewvc.conf_Debian_customization	2008-03-26 14:52:14.000000000 +1100
@@ -2,7 +2,7 @@
 ===================================================================
 --- viewvc.conf.dist.orig	2006-03-18 20:01:45.600335457 +0100
 +++ viewvc.conf.dist	2006-03-18 20:02:00.577814991 +0100
-@@ -375,7 +375,7 @@
+@@ -419,7 +419,7 @@
  # If %lang% occurs in the pathname, then the selected language will be
  # substituted.
  #
diff -ruN viewvc/upstream/1.0.3-2.1/debian/patches/series viewvc/tags/1.0.5-0.1zg1/debian/patches/series
--- viewvc/upstream/1.0.3-2.1/debian/patches/series	2008-01-24 14:16:10.000000000 +1100
+++ viewvc/tags/1.0.5-0.1zg1/debian/patches/series	2008-03-26 14:52:14.000000000 +1100
@@ -1,6 +1,6 @@
 01_separe_log_and_file -p0
 02_py2html_activation -p0
 03_robots_support -p0
-04_forbidden_files -p0
+#04_forbidden_files -p0
 101_viewvc-install_Debian_paths -p0
 102_viewvc.conf_Debian_customization -p0
diff -ruN viewvc/upstream/1.0.3-2.1/debian/rules viewvc/tags/1.0.5-0.1zg1/debian/rules
--- viewvc/upstream/1.0.3-2.1/debian/rules	2008-01-24 14:16:10.000000000 +1100
+++ viewvc/tags/1.0.5-0.1zg1/debian/rules	2008-03-26 15:11:28.000000000 +1100
@@ -105,10 +105,10 @@
 #	dh_install --sourcedir=debian/tmp --fail-missing
 	dh_install --sourcedir=debian/tmp --list-missing -X.pyc -X/mod_python/
 	dh_installchangelogs CHANGES
-	dh_installdocs
+	dh_installdocs docs
 	dh_installdebconf	
 	dh_installman
-#	dh_installexamples
+	dh_installexamples templates-contrib
 	dh_link
 	dh_strip
 	dh_compress

Reply via email to